The following issues were found
tools/testing/selftests/arm64/signal/testcases/testcases.h
2 issues
Line: 39
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
char *err = NULL; \
if (!validate_reserved((uc), GET_UCP_RESV_SIZE((uc)), &err)) { \
if (err) \
fprintf(stderr, \
"Using badly built context - ERR: %s\n",\
err); \
} else { \
abort(); \
} \
Reported by FlawFinder.
Line: 51
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
char *err = NULL; \
if (!validate_reserved((uc), GET_UCP_RESV_SIZE((uc)), &err)) { \
if (err) \
fprintf(stderr, \
"Detected BAD context - ERR: %s\n", err);\
abort(); \
} else { \
fprintf(stderr, "uc context validated.\n"); \
} \
Reported by FlawFinder.
tools/power/cpupower/utils/cpupower-set.c
2 issues
Line: 58
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
params.params = 0;
/* parameter parsing */
while ((ret = getopt_long(argc, argv, "b:",
set_opts, NULL)) != -1) {
switch (ret) {
case 'b':
if (params.perf_bias)
print_wrong_arg_exit();
Reported by FlawFinder.
Line: 64
Column: 16
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
case 'b':
if (params.perf_bias)
print_wrong_arg_exit();
perf_bias = atoi(optarg);
if (perf_bias < 0 || perf_bias > 15) {
printf(_("--perf-bias param out "
"of range [0-%d]\n"), 15);
print_wrong_arg_exit();
}
Reported by FlawFinder.
tools/lib/perf/cpumap.c
2 issues
Line: 83
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i, j;
if (cpus != NULL) {
memcpy(cpus->map, tmp_cpus, payload_size);
qsort(cpus->map, nr_cpus, sizeof(int), cmp_int);
/* Remove dups */
j = 0;
for (i = 0; i < nr_cpus; i++) {
if (i == 0 || cpus->map[i] != cpus->map[i - 1])
Reported by FlawFinder.
Line: 162
Column: 10
CWE codes:
362
struct perf_cpu_map *cpus = NULL;
FILE *onlnf;
onlnf = fopen("/sys/devices/system/cpu/online", "r");
if (!onlnf)
return cpu_map__default_new();
cpus = perf_cpu_map__read(onlnf);
fclose(onlnf);
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_sysctl_prog.c
2 issues
Line: 26
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static __always_inline int is_tcp_mem(struct bpf_sysctl *ctx)
{
unsigned char i;
char name[sizeof(tcp_mem_name)];
int ret;
memset(name, 0, sizeof(name));
ret = bpf_sysctl_get_name(ctx, name, sizeof(name), 0);
if (ret < 0 || ret != sizeof(tcp_mem_name) - 1)
Reported by FlawFinder.
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int sysctl_tcp_mem(struct bpf_sysctl *ctx)
{
unsigned long tcp_mem[3] = {0, 0, 0};
char value[MAX_VALUE_STR_LEN];
unsigned char i, off = 0;
volatile int ret;
if (ctx->write)
return 0;
Reported by FlawFinder.
tools/testing/selftests/bpf/test_progs.h
2 issues
Line: 99
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
({ \
test__fail(); \
fprintf(stdout, "%s:FAIL:%d ", __func__, __LINE__); \
fprintf(stdout, ##format); \
})
#define _CHECK(condition, tag, duration, format...) ({ \
int __ret = !!(condition); \
int __save_errno = errno; \
Reported by FlawFinder.
Line: 108
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (__ret) { \
test__fail(); \
fprintf(stdout, "%s:FAIL:%s ", __func__, tag); \
fprintf(stdout, ##format); \
} else { \
fprintf(stdout, "%s:PASS:%s %d nsec\n", \
__func__, tag, duration); \
} \
errno = __save_errno; \
Reported by FlawFinder.
tools/lib/perf/core.c
2 issues
Line: 3
Column: 47
CWE codes:
134
Suggestion:
Use a constant for the format specification
// SPDX-License-Identifier: GPL-2.0-only
#define __printf(a, b) __attribute__((format(printf, a, b)))
#include <stdio.h>
#include <stdarg.h>
#include <unistd.h>
#include <linux/compiler.h>
#include <perf/core.h>
Reported by FlawFinder.
Line: 16
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
static int __base_pr(enum libperf_print_level level __maybe_unused, const char *format,
va_list args)
{
return vfprintf(stderr, format, args);
}
static libperf_print_fn_t __libperf_pr = __base_pr;
__printf(2, 3)
Reported by FlawFinder.
tools/build/feature/test-libbfd.c
2 issues
Line: 4
Column: 12
CWE codes:
134
Suggestion:
Use a constant for the format specification
// SPDX-License-Identifier: GPL-2.0
#include <bfd.h>
extern int printf(const char *format, ...);
int main(void)
{
char symbol[4096] = "FieldName__9ClassNameFd";
char *tmp;
Reported by FlawFinder.
Line: 8
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int main(void)
{
char symbol[4096] = "FieldName__9ClassNameFd";
char *tmp;
tmp = bfd_demangle(0, symbol, 0);
printf("demangled symbol: {%s}\n", tmp);
Reported by FlawFinder.
tools/perf/util/intel-pt-decoder/intel-pt-insn-decoder.c
2 issues
Line: 181
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
intel_pt_insn_decoder(&insn, intel_pt_insn);
if (insn.length < INTEL_PT_INSN_BUF_SZ)
memcpy(intel_pt_insn->buf, buf, insn.length);
else
memcpy(intel_pt_insn->buf, buf, INTEL_PT_INSN_BUF_SZ);
return 0;
}
Reported by FlawFinder.
Line: 183
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (insn.length < INTEL_PT_INSN_BUF_SZ)
memcpy(intel_pt_insn->buf, buf, insn.length);
else
memcpy(intel_pt_insn->buf, buf, INTEL_PT_INSN_BUF_SZ);
return 0;
}
int arch_is_branch(const unsigned char *buf, size_t len, int x86_64)
{
Reported by FlawFinder.
tools/testing/selftests/kvm/lib/kvm_util.c
2 issues
Line: 47
Column: 7
CWE codes:
362
{
int fd;
fd = open(KVM_DEV_PATH, flags);
if (fd < 0) {
print_skip("%s not available, is KVM loaded? (errno: %d)",
KVM_DEV_PATH, errno);
exit(KSFT_SKIP);
}
Reported by FlawFinder.
Line: 2265
Column: 6
CWE codes:
362
close(open_kvm_dev_path_or_exit());
}
f = fopen("/sys/module/kvm_intel/parameters/unrestricted_guest", "r");
if (f) {
count = fread(&val, sizeof(char), 1, f);
TEST_ASSERT(count == 1, "Unable to read from param file.");
fclose(f);
}
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_tcp_estats.c
2 issues
Line: 137
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tcp_estats_conn_id {
unsigned int localaddressType;
struct {
unsigned char data[16];
} localaddress;
struct {
unsigned char data[16];
} remaddress;
unsigned short localport;
Reported by FlawFinder.
Line: 140
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char data[16];
} localaddress;
struct {
unsigned char data[16];
} remaddress;
unsigned short localport;
unsigned short remport;
} __attribute__((__packed__));
Reported by FlawFinder.